[Snort-sigs] My first attempt in writing snortrules: SubSeven Gold 2.1 Sig

counter.spy at ...52...
Fri Mar 22 01:19:02 EST 2002


>According to counter.spy at ...52...:
>> Hello,
>> I have noticed, that the SubSeven Rules in Backdoors.rules did not trigger
>> on the SubSeven Version I tested in my testing environment.  This is a 
>> SubSeven Gold 2.1.
>> Note: 
>> This is my very first attempt in writing snort rules, so please don't laugh
>> too loud ;)

Brian wrote:

>Your PDF looks kinda ... strange in xpdf.  Can you send a copy of this
>in plain text?

Sure. 
Well, xpdf and some other viewers seem to have pbs with reading PDF files
that were generated with gsview32. I didn't know that, since I am using Acrobat
Reader 5.0 on my M$ Windoze notebook, where I also write my texts.
Thanks for the hint anyway. Here is a text version. :)

>PCAP is very useful as well...
The text file includes (what I think to be) the relevant etherframes
that I picked from the capture ;)

>-brian

Thanks,
D.Liesen

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: sub7_analysis.txt
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20020322/678423af/attachment.txt>

